- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 07 Sep 2000 13:34:52 -0400
- To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
At 13:30 9/7/2000 -0400, Donald E. Eastlake 3rd wrote: >I think Type should be mandatory. People who have defined their own >KeyInfo data element can easily construct a type for it. Of course, but what if they don't like the type mechanism and they prefer to rely upon the namespace in the XML instance? What happens if they want to rely upon the HTTP header to carry that information? What happens if the type KeyInfo object changes (a newer version with a tweaked namespace) and while they want the URIof the KeyInfo signed, they don't want its Type signed and consequently don't have the ability to change it? Since we aren't specifying any MANDATORY application behavior with respect to type, why REQUIRE the syntax? I'm not wondering if it's easy to do, I'm wondering what requiring it benefits? _________________________________________________________ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Thursday, 7 September 2000 13:34:57 UTC